<?php

namespace app\http\middleware;

use app\model\AdminStores;
use app\util\ReturnCode;
use app\util\Tools;

class CheckStores
{

    /**
     * Store-ownership check for the current request.
     *
     * Administrators (as decided by Tools::isAdministrator) pass straight through.
     * For any other user, when the request carries an `id` parameter the targeted
     * AdminStores record must belong to the caller's own store (`tid`); if no such
     * record exists the request is refused with ReturnCode::AUTH_REFUSE and the
     * response headers read from the `apiadmin.CROSS_DOMAIN` config key.
     * Requests that carry no `id` parameter are not checked by this middleware.
     *
     * @param \think\facade\Request $request request carrying API_ADMIN_USER_INFO
     *                                       (populated upstream — presumably by the auth middleware)
     * @param \Closure $next
     * @return mixed|\think\response\Json
     * @author zhaoxiang <zhaoxiang051405@gmail.com>
     */
    public function handle($request, \Closure $next)
    {
        $responseHeader = config('apiadmin.CROSS_DOMAIN');
        $currentUser = $request->API_ADMIN_USER_INFO;
        $targetId = $request->param('id');

        // Nothing to check without a target id; administrators are never restricted.
        if (!isset($targetId) || Tools::isAdministrator($currentUser['id'])) {
            return $next($request);
        }

        // Non-administrators may only touch records filed under their own store (tid).
        // NOTE(review): the third argument appears to enable ThinkPHP's query cache for
        // this lookup, so a revoked store assignment may keep passing until the cached
        // entry expires — confirm the cache TTL is acceptable for an authorization check.
        $ownedRecord = AdminStores::get(
            ['tid' => $currentUser['tid'], 'id' => $targetId],
            [],
            true
        );
        if ($ownedRecord) {
            return $next($request);
        }

        $refused = [
            'code' => ReturnCode::AUTH_REFUSE,
            'msg'  => '越权操作',
            'data' => [],
        ];
        return json($refused)->header($responseHeader);
    }
}
